The present application is directed to controlling access to restricted and/or secured data which require authentication of a user, prior to providing the user with access. Examples of restricted and/or secured data include but are not limited to medical records protected under the Health Insurance Portability And Accountability Act (HIPAA), military data, corporate data, among many other forms of data.
As electronic data generating devices (e.g., smartphones, tablet computers, laptops, personal data assistants, etc.) have become more portable, users wish to access this restricted and/or secured data in a convenient manner. This creates a potential tension between keeping data secure, and the convenience of accessing the data through such electronic data generating devices.
A particular example of this issue would be nurses using their smartphones to access HIPAA protected healthcare records. The possibility of smartphones being physically lost or stolen exemplifies this tension between data security (i.e., the user is forced to enter a password and/or use a biometric ID on a frequent basis) and usability (user can log in once, and can then casually access confidential data freely for an extended time).
Current solutions include users either entering a pin/password or biometric data on a frequent basis (for example, on every distinct access, or every few minutes) or choosing to risk leaving themselves logged in for an extended period. Other solutions include attempts at also trying to ensure the user and the electronic data generating device are not separated when the user is logged in. These solutions commonly employ some sort of sensor that senses the separation (e.g., the user is out of range of the device), and then provides an indicator of the separation (e.g., an alarm or other alert) and/or acts to end the access to the secured and/or restricted data.
Thus the individual's motivation of convenience is in direct conflict with the organization's goals of limiting potential significant liability or loss or public exposure of such data. With the rise of personally-owned mobile devices (e.g., smartphones) being brought into the work environment, the scope of the problem is growing rapidly.